SSM.Client.
describe_available_patches
(**kwargs)¶Lists all patches eligible to be included in a patch baseline.
See also: AWS API Documentation
Request Syntax
response = client.describe_available_patches(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
Each element in the array is a structure containing a key-value pair.
Windows Server
Supported keys for Windows Server managed node patches include the following:
PATCH_SET
Sample values: OS
| APPLICATION
PRODUCT
Sample values: WindowsServer2012
| Office 2010
| MicrosoftDefenderAntivirus
PRODUCT_FAMILY
Sample values: Windows
| Office
MSRC_SEVERITY
Sample values: ServicePacks
| Important
| Moderate
CLASSIFICATION
Sample values: ServicePacks
| SecurityUpdates
| DefinitionUpdates
PATCH_ID
Sample values: KB123456
| KB4516046
Linux
Warning
When specifying filters for Linux patches, you must specify a key-pair for PRODUCT
. For example, using the Command Line Interface (CLI), the following command fails:
aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615
However, the following command succeeds:
aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615
Supported keys for Linux managed node patches include the following:
PRODUCT
Sample values: AmazonLinux2018.03
| AmazonLinux2.0
NAME
Sample values: kernel-headers
| samba-python
| php
SEVERITY
Sample values: Critical
| Important
| Medium
| Low
EPOCH
Sample values: 0
| 1
VERSION
Sample values: 78.6.1
| 4.10.16
RELEASE
Sample values: 9.56.amzn1
| 1.amzn2
ARCH
Sample values: i686
| x86_64
REPOSITORY
Sample values: Core
| Updates
ADVISORY_ID
Sample values: ALAS-2018-1058
| ALAS2-2021-1594
CVE_ID
Sample values: CVE-2018-3615
| CVE-2020-1472
BUGZILLA_ID
Sample values: 1463241
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter
include the following:
The key for the filter.
The value for the filter.
dict
Response Syntax
{
'Patches': [
{
'Id': 'string',
'ReleaseDate': datetime(2015, 1, 1),
'Title': 'string',
'Description': 'string',
'ContentUrl': 'string',
'Vendor': 'string',
'ProductFamily': 'string',
'Product': 'string',
'Classification': 'string',
'MsrcSeverity': 'string',
'KbNumber': 'string',
'MsrcNumber': 'string',
'Language': 'string',
'AdvisoryIds': [
'string',
],
'BugzillaIds': [
'string',
],
'CVEIds': [
'string',
],
'Name': 'string',
'Epoch': 123,
'Version': 'string',
'Release': 'string',
'Arch': 'string',
'Severity': 'string',
'Repository': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Patches (list) --
An array of patches. Each entry in the array is a patch structure.
(dict) --
Represents metadata about a patch.
Id (string) --
The ID of the patch. Applies to Windows patches only.
Note
This ID isn't the same as the Microsoft Knowledge Base ID.
ReleaseDate (datetime) --
The date the patch was released.
Title (string) --
The title of the patch.
Description (string) --
The description of the patch.
ContentUrl (string) --
The URL where more information can be obtained about the patch.
Vendor (string) --
The name of the vendor providing the patch.
ProductFamily (string) --
The product family the patch is applicable for. For example, Windows
or Amazon Linux 2
.
Product (string) --
The specific product the patch is applicable for. For example, WindowsServer2016
or AmazonLinux2018.03
.
Classification (string) --
The classification of the patch. For example, SecurityUpdates
, Updates
, or CriticalUpdates
.
MsrcSeverity (string) --
The severity of the patch, such as Critical
, Important
, or Moderate
. Applies to Windows patches only.
KbNumber (string) --
The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
MsrcNumber (string) --
The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045
. Applies to Windows patches only.
Language (string) --
The language of the patch if it's language-specific.
AdvisoryIds (list) --
The Advisory ID of the patch. For example, RHSA-2020:3779
. Applies to Linux-based managed nodes only.
BugzillaIds (list) --
The Bugzilla ID of the patch. For example, 1600646
. Applies to Linux-based managed nodes only.
CVEIds (list) --
The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192
. Applies to Linux-based managed nodes only.
Name (string) --
The name of the patch. Applies to Linux-based managed nodes only.
Epoch (integer) --
The epoch of the patch. For example in pkg-example-EE-20180914-2.2.amzn1.noarch
, the epoch value is 20180914-2
. Applies to Linux-based managed nodes only.
Version (string) --
The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64
, the version number is indicated by -1
. Applies to Linux-based managed nodes only.
Release (string) --
The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch
, the release is 2.amaz1
. Applies to Linux-based managed nodes only.
Arch (string) --
The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64
, the architecture is indicated by x86_64
. Applies to Linux-based managed nodes only.
Severity (string) --
The severity level of the patch. For example, CRITICAL
or MODERATE
.
Repository (string) --
The source patch repository for the operating system and version, such as trusty-security
for Ubuntu Server 14.04 LTE and focal-security
for Ubuntu Server 20.04 LTE. Applies to Linux-based managed nodes only.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
SSM.Client.exceptions.InternalServerError